[ntp:security] [Bug 3072] Attack on interface selection

bugzilla-daemon at ntp.org bugzilla-daemon at ntp.org
Mon Sep 12 16:56:00 UTC 2016


--- Comment #5 from Juergen Perlinger <perlinger at ntp.org> 2016-09-12 16:56:00 UTC ---
(In reply to comment #4)
> As for the security bug, with the patch I'm no longer able to reproduce it.

Good to hear. Thanks for testing this!

> But I'm not sure about the change in set_peerdstadr(), I think dstadr needs to
> be NULL is some cases, for example with refclocks or NTP sources for which
> there is no suitable interface yet.

If this is this about the line

    if (p == NULL || p->dstadr == dstadr)

then I do no not see how this could prevent 'dstaddr' from becoming NULL. Or am
I missing something here? This just avoids a possible NULL pointer access.

Configure bugmail: https://bugs.ntp.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.

More information about the security mailing list